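<?php
/**
 * Login handler.
 *
 * Reads the posted "usuario" / "password" pair, looks the account up in the
 * usuarios table, fills the session on success and sends the browser to the
 * matching landing page through a small inline script. On any failure the
 * request's cookies are expired and the browser is sent back to index.php
 * with an error code.
 *
 * Changes made in this revision:
 *  - A fixed master password that was accepted for every existing account
 *    has been removed. Anyone who learned that value could sign in as any
 *    user. If operator impersonation is required, it should go through an
 *    authenticated, logged, role-checked admin action instead.
 *  - Credential comparison uses hash_equals() on strings. The previous loose
 *    "==" treats numeric-looking strings (for example hex digests that
 *    happen to look like "0e" followed by digits) as equal numbers.
 *  - The Host header is validated before it is written into the page, and the
 *    redirect target is emitted with json_encode() so it cannot break out of
 *    the script string.
 *  - The session id is regenerated after a successful login (session
 *    fixation).
 *  - Missing / non-string POST fields and a missing Cookie header no longer
 *    raise notices or type errors.
 *
 * Known issues left in place because fixing them needs code that is not in
 * this file (each is marked NOTE(review) below):
 *  - the cleartext password is written to a week-long cookie;
 *  - passwords are stored as a truncated, unsalted SHA-1, and a submitted
 *    value equal to the stored value is also accepted;
 *  - the query is built by string interpolation and relies on Db::san();
 *  - distinct error codes reveal whether an account exists or is blocked;
 *  - redirects and cookies are plain http with no Secure / HttpOnly flags.
 */
session_start();
ob_start();

// HTTP_HOST comes from the request's Host header, so it is client-controlled.
// Only a plain host name with an optional port is accepted; anything else
// falls back to the server's own name.
// NOTE(review): an explicit allow-list of the site's real host names would be
// stricter; the full list is not visible from this file.
$host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
if (!is_string($host) || !preg_match('/\A[A-Za-z0-9.-]+(:[0-9]{1,5})?\z/', $host)) {
	$host = $_SERVER['SERVER_NAME'];
}
// The application lives under /kalender on a developer machine.
if ($_SERVER['SERVER_NAME'] === 'localhost') {
	$uri = "/kalender";
} else {
	$uri = "";
}

require("../globals/Util.class.php");
$util = Util::getInstance();

// Emits the client-side redirect used by every branch below. The URL is
// JSON-encoded with the HEX flags so quotes, "<" and "&" cannot terminate the
// string literal or the surrounding <script> element.
$redirigir = function ($ruta) use ($host, $uri) {
	$destino = json_encode(
		"http://$host$uri$ruta",
		JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
	);
	echo "<script language=Javascript> location.href=$destino; </script>";
};

// Expires every cookie named in the request, for the three path/domain
// scopes the application may have set them with.
$borrarCookies = function () {
	if (empty($_SERVER['HTTP_COOKIE'])) {
		return; // no Cookie header: nothing to expire
	}
	foreach (explode(';', $_SERVER['HTTP_COOKIE']) as $cookie) {
		$parts = explode('=', $cookie);
		$name = trim($parts[0]);
		if ($name === '') {
			continue; // setcookie() rejects an empty name
		}
		setcookie($name, '', time()-1000);
		setcookie($name, '', time()-1000, '/');
		setcookie($name, '', time()-1000, '/', 'kalender.com.ar');
	}
};

// Treat a missing or non-string field (e.g. "usuario[]=x") as empty.
$usuario_post = (isset($_POST["usuario"]) && is_string($_POST["usuario"])) ? $_POST["usuario"] : "";
$password_post = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : "";

if (trim($usuario_post) !== "" && trim($password_post) !== "") {
	if (!isset($bd) || !is_object($bd)) {
		require("../globals/Db.class.php");
		require("../globals/Conf.class.php");
		$bd = Db::getInstance();
	}

	// NOTE(review): san() is defined in Db.class.php (not shown). The query
	// below depends on it escaping correctly for the active connection; use a
	// prepared statement if Db offers one.
	$usuario = $bd->san($usuario_post);
	// NOTE(review): the password is passed through san() before hashing, so
	// the digest is of the escaped text, not of what the user typed. Kept
	// as-is because stored digests were presumably produced the same way.
	$password = $bd->san($password_post);
	$password_clean = (string) $password;
	// NOTE(review): truncated, unsalted SHA-1 is not a password hash. Migrate
	// to password_hash() / password_verify() with a rehash-on-login step.
	$password = substr(sha1($password_clean), 0, 20);

	$result = $bd->eje("SELECT * FROM usuarios WHERE usuario='$usuario';");
	if ($row = $bd->fila($result, 0)) {
		$pass_db = (string) $row["password"];
		$bloqueado = $row["bloqueado"];

		// NOTE(review): the second comparison accepts a submitted value that
		// equals the stored value itself. If the column holds digests, a
		// leaked digest is then usable as a password. Kept for compatibility
		// with rows that may still hold unhashed values; remove once all
		// rows are migrated.
		$credenciales_ok = hash_equals($pass_db, $password)
			|| hash_equals($pass_db, $password_clean);

		if ($bloqueado == 1) {
			// Account is blocked.
			$redirigir("/index.php?error=8");
		} else if ($credenciales_ok) {
			// Fresh session id for the authenticated session.
			session_regenerate_id(true);

			// NOTE(review): "kalpword" stores the user's cleartext password in
			// the browser for a week, over http and readable by scripts.
			// Whatever reads these cookies should be moved to a random,
			// server-side remember-me token; left unchanged here because the
			// consumer is outside this file.
			setcookie("kaluname", $usuario, time()+604800, "/", "kalender.com.ar");
			setcookie("kalpword", $password_clean, time()+604800, "/", "kalender.com.ar");

			$_SESSION["id_user"] = $row['id'];
			$id = $row['id'];
			$tipo = $util->completarDatosNoHTML($row['tipo']);
			$nombre = $util->completarDatosNoHTML($row["nombre"]);
			$nivel = $util->completarDatosNoHTML($row['nivel']);
			$razon = $util->completarDatosNoHTML($row['razon_social']);
			$super_cliente = $row['super_cliente'];
			$help_tooltips = $row['help_tooltips'];
			$_SESSION["AccesosPermitidos"] = $row['permisos'];

			$_SESSION["userdata"] = $id."##".$tipo."##".$nombre."##".$nivel."##".$razon."##".$super_cliente."##".$help_tooltips;
			$_SESSION["ultimoAcceso"] = date("Y-n-j H:i:s");

			// Route according to the user's level.
			if ($row['nivel'] == '3') {
				$redirigir("/clientes/home.php?ck=1");
			} else {
				$redirigir("/home.php?ck=3");
			}
		} else {
			// The user exists but the password is wrong.
			// NOTE(review): error=2 vs error=1 vs error=8 tells the client
			// whether the account exists; a single generic code would not.
			$borrarCookies();
			$redirigir("/index.php?error=2");
		}
	} else {
		// The user does not exist.
		$borrarCookies();
		$redirigir("/index.php?error=1");
	}
} else {
	// Missing user name or password (not expected from the normal form).
	$borrarCookies();
	$redirigir("/index.php?msg=0");
}
ob_flush();
?>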